Why was MEBIGX actually started?

MEBIGX was born from a frustration with the disposable nature of the modern web. We saw too many companies building fast and failing fast. We started this studio to do the opposite: to build fewer things with more responsibility and to treat digital systems as permanent infrastructure rather than temporary tools.

What does it mean to work with a Founder-led studio?

It means there is zero distance between the vision and the execution. You are not being passed off to an account manager or a junior developer. You are partnering directly with the architect who owns the outcome and is obsessed with the long term success of the system.

Why is the studio based in Prishtina but operating globally?

Prishtina is a hub of raw technical talent and hunger. Operating from here allows us to maintain a focused, high-discipline culture while delivering world-class engineering to the US and Europe. We bridge the gap between local grit and global standards.

What is the obsession behind the MEBIGX Product Lab?

We do not just wait for client work to innovate. Our Lab is where we break things and build our own tools. This ensures that when we solve a problem for a client, we are using methods we have already battle-tested in our own real-world products.

What does a successful partnership look like here?

It looks like calm, executive-level clarity. We seek clients who value deep work and understand that a quiet, disciplined process leads to a much more powerful result than a rushed, noisy launch. We are looking for long term obligations, not one-off projects.

Privacy Policy

Last updated: March 17, 2026

MEBIGX Digital Studio is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website.

Information We Collect

MEBIGX operates a formless data collection model. We use zero on-site forms. All communication is handled via direct mailto: protocols. We collect information that you provide directly to us through email communications, and we collect anonymized data automatically through analytics tools to understand how visitors interact with our website.

Analytics and Tracking Tools

We use Google Analytics 4 (GA4) and Google Search Console to analyze website traffic, understand user behavior, and improve our website performance. These tools use cookies and similar technologies to collect anonymized data about how visitors use our website.

All analytics data is anonymized with IP anonymization enabled and does not contain personally identifiable information. Our analytics comply with the EU-U.S. Data Privacy Framework. You can opt out of analytics tracking through our cookie consent system or by using browser settings.

How We Use Your Information

We use the information we collect to respond to your inquiries, provide our services, and improve our website and services.

Data Protection

We implement industry-standard administrative and technical measures to protect your personal information. All analytics data is anonymized and does not contain personally identifiable information.

Candidate Data

When you submit applications through our Careers mailto links, we collect candidate data for recruitment purposes. This includes CVs, portfolios, LinkedIn profiles, and related professional information sent via email.

Source: Data received via email (CVs, Portfolios, LinkedIn links)
Purpose: Evaluation for current and future roles
Storage: Internal secure email environment only. No third-party HR tools
Retention: Strictly 12 months, then permanently purged

By submitting an application via our 'Careers' mailto links, you consent to MEBIGX processing your personal data for recruitment purposes. We do not share applicant data with third-party recruiters.

Data Sovereignty & Residency

MEBIGX utilizes a Single-Node Residency policy. All server-side logic and data processing are pinned to the FRA1 (Frankfurt) Node to ensure the highest tier of German and EU data protection standards. Infrastructure for MEBIGX is physically hosted strictly in Frankfurt, Germany (fra1 Node). This ensures all processing remains within a high-protection regulatory zone aligned with Law No. 06/L-082.

AIP Compliance & Complaints

Users have the right to lodge a complaint with the Information and Privacy Agency (AIP): Str. Zejnel Salihu, No. 22, 10000 Prishtina. aip.rks-gov.net

Global Compliance

MEBIGX operates under a 'Highest-Standard' policy with Frankfurt residency as the primary compliance framework. While we are primarily governed by Kosovo Law No. 06/L-082 and GDPR through our Frankfurt infrastructure, our operations also meet global standards including the EU-U.S. Data Privacy Framework (DPF) and the California Consumer Privacy Act (CCPA) for U.S. leads.

GDPR Compliance

Legal Basis for Processing

We process your personal data based on the following lawful bases under Article 6 of the GDPR:

Legitimate Interest (Article 6(1)(f)) - Website analytics and performance monitoring, security monitoring and fraud prevention, network and information security
Contractual Necessity (Article 6(1)(b)) - Processing client inquiries and service requests, delivering services you have requested, communication related to our services
Consent (Article 6(1)(a)) - Non-essential cookies and tracking technologies, marketing communications (if applicable in future)

Data Subject Rights

Under the GDPR, you have the following rights:

Right to Access (Article 15): Request copies of your personal data
Right to Rectification (Article 16): Correct inaccurate personal data
Right to Erasure (Article 17): Request deletion of your personal data
Right to Restrict Processing (Article 18): Limit how we use your personal data
Right to Data Portability (Article 20): Request transfer of your data
Right to Object (Article 21): Object to processing based on legitimate interest
Rights Related to Automated Decision-Making (Article 22): Protection from automated decisions

Data Retention Periods

We retain personal data for the following periods:

Analytics Data: 26 months (Google Analytics default)
Contact Inquiries: 2 years from last communication
Candidate Data: 12 months from receipt, then permanently purged
Service-related Data: 7 years from service completion
Security Logs: 6 months for security monitoring

International Data Transfers

Your personal data may be transferred to countries outside the EU. We ensure adequate protection through:

EU-US Data Privacy Framework for US transfers
Standard Contractual Clauses (SCCs) for other international transfers
Adequacy Decisions where applicable

Data Protection Officer

For GDPR-related matters, contact our Data Protection Officer at:

Email: privacy@mebigx.com
Response Time: Within 30 days of receipt

California Consumer Privacy Act (CCPA) Compliance

Rights for California Residents

If you are a California resident, you have the following rights under the CCPA:

Right to Know (Article 1798.100) - Request disclosure of personal information we collect and use, request categories and specific pieces of personal information
Right to Delete (Article 1798.105) - Request deletion of your personal information, verification process for deletion requests
Right to Opt-Out (Article 1798.120) - Opt-out of sale or sharing of personal information, "Do Not Sell or Share My Personal Information" link
Right to Non-Discrimination (Article 1798.125) - We will not discriminate for exercising privacy rights, equal service and pricing regardless of privacy choices

Financial Incentives

We do not currently offer financial incentives for personal information. If we introduce such programs in the future, we will:

Clearly disclose the material terms
Obtain your written consent
Ensure programs are reasonably priced

Employee and Agent Access

We disclose personal information to our employees and agents only for business purposes. All employees and agents are bound by confidentiality obligations and privacy policies.

Authorized Agent Requests

You may authorize an agent to make requests on your behalf. We will verify the agent's authority before processing requests.

Opt-Out Mechanism

To opt-out of the sale or sharing of your personal information:

Email: privacy@mebigx.com with subject "CCPA Opt-Out"
Response Time: Within 15 business days
Global Opt-Out: Browser settings for cross-site tracking

Data Breach Notification

In the event of a personal data breach, we will:

Assess the Risk - Evaluate likelihood and severity of risk to your rights
Notify Within 72 Hours - Report to supervisory authorities within 72 hours of discovery (GDPR)
Individual Notification - Notify you without undue delay if high risk is identified
Breach Contents - Include nature of breach, measures taken, and potential consequences
Remediation - Provide recommendations to protect your personal data

For breach-related inquiries, contact: privacy@mebigx.com

Your Rights

You have the right to access, update, or delete your personal information. You can also opt out of analytics tracking through our cookie consent system.

Right to Complain: Under Law No. 06/L-082, you have the right to lodge a complaint with the Information and Privacy Agency (AIP) at Str. Zejnel Salihu, No. 22, 10000 Prishtina, or visit aip.rks-gov.net

Third-Party Services

We may use third-party services for analytics, hosting, and email delivery. These services have their own privacy policies governing the use of your information.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

Contact

If you have questions about this Privacy Policy, please contact us at privacy@mebigx.com

Politika e Privatësisë (Shqip)